Hi and welcome back to FreeDU Hub. Today I'll show you how we can exploit FTP on Metasploitable 2. As you can see, I'm running Metasploitable 2 on my virtual machine, which is VMware Workstation 17. If you don't know what Metasploitable 2 is, Metasploitable 2 is an intentionally vulnerable Linux virtual machine. This virtual machine can be used to conduct security training, test security tools, and practice common vulnerabilities and penetration testing techniques. You can download it free from the internet: if you want to download it, you can go to SourceForge and search for Metasploitable files, and you'll be able to download it from here. It's an 865 MB file, and then you can import it in your VMware Workstation Professional.
Now, first of all, it is an educational course; whatever I'm teaching is for academic purposes. Kindly don't try it on machines for which you don't have explicit written permission to perform these operations.
Now, for the sake of access and understanding, I have mentioned the IP addresses over here: this is our Kali Linux machine and this is our Metasploitable 2. If you want to find the IP address of the machines, you'll go to your terminal window and make sure that you are logged in as the superuser account. Here also I have logged in to the superuser account. Just to verify the IP address, you will type ifconfig and press Enter. You can see the IP address for this one: it is 34, as you can see, 192.168.189.134. Whereas for our Kali Linux, I'll type in ifconfig and I'll get the IP address; here it's 128. So if I try to ping this Metasploitable machine, 192.168.189.134, I must receive a response that my Kali Linux can see Metasploitable 2. Same if I ping it from my Metasploitable, 192.168.189.128: I must get a reply from there as well.
It means that both machines are talking to each other. So I'll come here, I'll stop the ping and for Metasploitable 2 also I'll stop the ping over here. Now we need to launch an attack for FTP which is running on Metasploitable 2 and we'll try to compromise it through our Kali Linux machine. So let's see how can we do that.
Now the first thing we need to do is find all the computers which are available on our network, what their MAC addresses are, and what services are running on them. In order to do that, I'll type in the command netdiscover, and it will search for all the machines which are available on my network. As you can see, it is scanning all the computers. Now, as you can see, it identified this computer, 134, which we actually want to target, and one is the router on our network. So our target would be this machine, which is Metasploitable 2. In order to stop it, we press Ctrl+C over here, and that stops the scan for the time being.
Now, since we are targeting FTP, and we know that FTP performs on port 21, we'll use Nmap in order to scan our target. So we'll type in nmap, and then we'll give the IP address of our target, which is 192.168.189.134, and after that we'll use "-v".
Now, "-v" means it's verbose. It will give a detailed scan from Nmap so that we can see the operations it's performing. Then we'll use "-t". It would tell us about the scan type, that we are going to scan for TCP. After that I'll type in -sV, which would tell us about the version details of the open ports, etc. Then I am going to enter -p, which is port, and then we'll define 21. We can also give -O over here, which would tell us about the operating system details which are available on our remote target. Once that's done, press Enter and it will find the details about the target.
Now, as you can see, it has completed the scan. If you try to understand the complete scan and the report of it, it is saying that it started Nmap, and it gave the version details for that. Then it checked for the ports available on the machine and got all the details for that. Since we asked it to check port number 21, as you can see, it has highlighted that port 21/tcp is open and vsftpd version 2.3.4 is used on this machine. Further, since we provided the -O flag, it even gave us the details of the Linux operating system over here, and it is telling us the range that the version of the Linux operating system could be in. So now we have all the details about the target: the operating system which is being used on it, the FTP version, which is vsftpd 2.3.4, and we can even see that the port is open.
Now we'll try to get some more details, and we'll try to penetrate the system to see how we can take control of Metasploitable 2 in order to run different operations using this software. Now that's identified, what we want to do is use the Nmap scripts, which are built-in scripts for FTP, as a payload, to check whether those scripts can help us out or not. In order to do that, I'll type in nmap again, and then I'll type in the IP address of the remote target machine. I'll type in -v again, -sT and the service name, then I'll enter the port number 21. Instead of the operating system, since we are now aware of the operating system, I'll use the script option which is available with Nmap, and I'll search for ftp over there, to see if there are any scripts available with Nmap which are related to FTP and can help us in penetrating the system. So let's see what the output of it is.
Now it is trying to scan the remote computer. It found the scripts for FTP, and it's trying different things on Metasploitable 2 to see if it can penetrate it or not. Now we have received the output. You'll have to give it some time; as you can see, it took around 10 minutes on my PC just to get the output. It really depends on how deep the stack is.
So let's try to understand the report that we have received. First of all, it's telling us that port 21 is open, FTP, and it's using vsftpd version 2.3.4; we knew that earlier. Then it's saying that the FTP vsftpd backdoor vulnerability is found on this one, which is exploitable, and it's even giving you the CVE result of it, or the record number of it. If you want to find the CVE number, you can go to the CVE MITRE website and you'll be able to find the exact details of it in their databases.
As you can see, once I entered the details as it is, 2011-2523, it showed me a result, and if I click on it I'll be able to get all the details of this particular exploit. But we'll try to read the other things in this one. It is even telling us when this exploit was discovered; the exploit results are over here; then it's giving some websites that you can get some access from. And then this thing is very important: it is telling us that anonymous FTP login is allowed on this particular system. If we scroll down, it tells us that it used a brute-force attack on the accounts and it found an account which is user, and the username is user, which is a valid credential. So that's quite a lot of useful information, with the help of which we can now penetrate this particular system.
Now our next step shall be how we can connect to this port 21. There are a number of ways, but if you remember, we covered a video on Netcat, so let's try to use it over here and see if Netcat can help us in logging in to the system. In order to use Netcat, you'll type nc over here for Netcat, then -v for verbose, and you'll provide the IP address of the target machine, 192.168.189.134. Then we'll give the port on which we want to communicate on this remote machine; since it's FTP, it's communicating on port 21, and we'll press Enter. So now it's trying to log in to the system and see if it allows us to communicate with the FTP server or not.
If you remember, it showed us over here that anonymous login is allowed on this machine; right over here, "Anonymous FTP login allowed". So we'll try to exploit this vulnerability over here as anonymous, and it will ask for a password, and we'll try the password which is usually used on an anonymous account: anonymous, anonymous. So I'll type in anonymous and see if we are able to log in. As you can see, we have successfully logged in, because that's the known vulnerability on the system: it is still allowing users to log in to the system with the default username and password, or the anonymous account which is available on port 21.
Now once that's done, let's cancel it and run the same command again, and this time let's enter the user as user and the password as user as well. As you can see, that worked also. So there was a problem of misconfiguration, and there was a problem with the default accounts which are available on this specific FTP server.
So now let's try to exploit it. As you know, the FTP server that it is using over here is vsftpd. In order to find the exploit for that, we can go to Exploit Database, and on this one we'll type vsftpd and search it. As you can see, it has identified that it has a Unix platform on which it was compromised, and it has a version, and backdoor command execution was possible on that as well. If you want to open it, you'll click on this one and it will tell us more details about this exploit, and it's even showing us the script that we can use in order to exploit this specific vulnerability which is identified on the remote machine. So if you want to use this exploit which is shown over here, and it is written in Python, you'll download it on your machine and then we'll try to use it on our Kali Linux.
Now once the file is downloaded, as you can see, it's available over here. We can rename it, or we can copy the name of it from here so that we can paste it later and execute it in our terminal window. So let's copy the name, and then we'll right-click over here and click Open in Terminal. Now we'll open it in the terminal, and we'll need to pass the command sudo su just to make sure that we have root access on this one. Now we'll type in ls to see the file, and as you can see, it's listed over here. We'll use Python 3 over here, so we'll type python3 and then we'll put the name of the file which we copied earlier, which is this one, and then we'll put the IP address, which is 192.168.189.134. So let's try to execute it, and as you can see, it shows that it has successfully gained access to the shell, so now we can easily exploit it.
Now, if you want to see whether we have successfully penetrated or not, I'll type ls, and as you can see, I'm able to get the details of my Metasploitable. Now, the IP address of the Metasploitable 2: I must get the IP address as 134, so I'll type ifconfig, and as you can see over here, we have successfully penetrated the remote machine. Now, as you can see, I'm logged in to my Kali and I'm logged in to my Metasploitable 2. Though I'm logged in as a root user account, it is not notifying me that there is a penetration or anything like that happening on this operating system. So in order to see it in practice, let's pass in a command of reboot, and you can see that now our remote machine, which is Metasploitable 2, is restarting. That shows how you can completely take control of a remote machine which is running FTP, due to the vulnerabilities which are available on the system. So that's it for today. Thank you very much.
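Added example, not part of the video: the walkthrough notes that nothing on the target reported the anonymous login or the guessed user account, so this sketch shows how a defender could flag both from the FTP server's own log. It assumes vsftpd's native log file is enabled; the log lines are constructed samples modelled on that format, and the function name and threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on vsftpd's native log format (assumption: native
# vsftpd logging is enabled on the server; these lines are not from the video).
SAMPLE_LOG = """\
Tue Jun 10 09:15:01 2025 [pid 2101] CONNECT: Client "192.168.189.128"
Tue Jun 10 09:15:02 2025 [pid 2100] [ftp] OK LOGIN: Client "192.168.189.128", anon password "anonymous"
Tue Jun 10 09:20:11 2025 [pid 2110] [admin] FAIL LOGIN: Client "192.168.189.128"
Tue Jun 10 09:20:12 2025 [pid 2112] [root] FAIL LOGIN: Client "192.168.189.128"
Tue Jun 10 09:20:13 2025 [pid 2114] [guest] FAIL LOGIN: Client "192.168.189.128"
Tue Jun 10 09:20:14 2025 [pid 2116] [user] OK LOGIN: Client "192.168.189.128"
Tue Jun 10 10:02:40 2025 [pid 2200] [backup] FAIL LOGIN: Client "192.168.189.1"
Tue Jun 10 10:02:55 2025 [pid 2202] [backup] OK LOGIN: Client "192.168.189.1"
"""

LOGIN_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: '
    r'Client "(?P<client>[^"]+)"(?P<anon>, anon password)?'
)

def find_suspicious_logins(log_text, fail_threshold=3):
    """Return alerts for anonymous logins and for a successful login that
    follows at least `fail_threshold` failures in a row from the same client."""
    alerts = []
    fails = defaultdict(list)      # client -> usernames that failed in a row
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue               # CONNECT lines and anything unparsed
        user, client = m["user"], m["client"]
        if m["result"] == "FAIL":
            fails[client].append(user)
            continue
        if m["anon"]:
            alerts.append(("anonymous-login", client, user))
            continue               # an anonymous login does not reset the streak
        if len(fails[client]) >= fail_threshold:
            alerts.append(("guessing-then-success", client, user))
        fails[client].clear()      # an authenticated success resets the streak
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG):
        print(alert)
```

On the hardening side, the two findings map to disabling anonymous access in the vsftpd configuration (`anonymous_enable=NO`) and removing or re-keying accounts whose password matches the username.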